[OpenWireless Tech] The police came to the AP owner first, then sniffed the air to find real culprit

californiajack at tormail.org californiajack at tormail.org
Wed Jan 2 23:08:58 PST 2013 

> I appreciate your input, but I don't think we need to be so black and

I appreciate yours. Given the technical depth I am at, I really don't
expect very many people to reply for anything other than to tell me they
disagree with some outrageous thing I said. Almost no one will respond to
my dry, technical arguments by themselves.

> white and fatalistic about the situation. I think lots of people run
> open wireless networks right now with no first-hop protection, and that
> doesn't make them idiots. As SSL is adopted more and more, people are

Yes, I am being very black and white, very fatalistic. I do so because
this is a mailing list, and one who reads this list might get the idea,
without such strong wording, that everyone thinks everything is heading in
the right direction. I don't.

I think if it weren't for Jouni Malinen of the hostapd/wpa_supplicant
project, there wouldn't even be an OpenWireless.org project. All my
bitching and moaning is really all over what is a ridiculously small part
of what he has contributed to the world for free. (Also, yes, I know many
others have contributed as well, OpenWRT, Linux Wireless, etc. I just
don't know their names off hand.)

But recognizing what is wrong is a fundamental step in fixing what is
wrong. Sometimes identifying what is wrong comes off as black and white.
Sometimes identifying what is wrong comes off as fatalistic. Please don't
let that distract you.

(BTW non-proficiency in technical matters was given an alternate adjective
of "stupid" for juxtaposition to those with technical proficiency or
"smart", not really as an insult. I should really listen to Wikipedia on
the matter: "avoiding language barriers such as jargon, bypassing, and
offensive language may prevent misunderstandings in group or interpersonal
discussions"...)

> doesn't make them idiots. As SSL is adopted more and more, people are
> getting real security in place of WPA2-PSK which doesn't protect them
> from anyone who knows the shared secret anyway.
>

I think we are in agreement on those 2 points. SSL is becoming more
widespread, and this is a good thing, and PSK does not provide forward
secrecy as I understand it. Just to be clear, though, WPA2-PSK is not RSN,
nor is it 802.1X (which uses EAP such as EAP-TLS) as is used in
WPA2-Enterprise as the Wifi Alliance calls it.

> As far as "hacks" go, I think VPN is a bit of a hack, but if as an AP
> operator you feel more comfortable running a VPN, then I say go for it.
> If you want to create a system that tunnels clients through VPNs
> automatically, I agree that sounds hard and complicated, but I encourage
> people to run with the idea if they are optimistic that there is
> something workable. Progress in technology often happens through hacks
> on existing systems (hell, Certificate Authorities in SSL are a hack),
> as opposed to everyone neatly deciding to switch to a new and better
> system (e.g. IPv6 adoption which has been painfully slow).
>

This is a valid point. I think what your saying, is if someone wants to
implement what others may think is a suboptimal solution for their own
network, then go for it. I think we are in agreement.

Where I think you may have missed my point is that OpenWireless.org should
hammer out, and recommend, *better* solutions for those who want better
solutions. Because that's what is needed. I want a better solution. I am
pretty sure others do as well. Hence my initiation of discussion on these
matters. I think I raise a valid, and hitherto practically unraised,
point.

Also, while somewhat related but somewhat no related, is the SSL CA
problem. That was the subject of my earlier rant against the DANE WG. I
think these keywords such as DANE and TLSA have a place in this
discussion, albeit a peripherial or less important one. (BTW, TLSA
authenticates SSL certificates through DNSSEC, all the way up to
SAIC/Verisign and ICANN/USDoD/USDoC, if you don't know. But only HTTP SSL
certificates, not other x.509 certificate usage situations, such as those
used in EAP-TLS.)

I also note tf the IETF just said "oh well if people want to keep using
the current SSL setup that's fine", instead of saying "this situation is
suboptimal; a better solution is needed; this is the correct forum to work
out a solution", then we would have no RFC 6698 (circa August 2012) TLSA
RR.

> I think unauthenticated EAP-TLS is a hack too, but I agree that progress
> can be made to make it smoother and there has been some discussion on
> this list about it already. In short, if we work on all of these

I think this is the first main disagreement between us here. The EAP-TLS
standard, RFC 5216, is pretty clear:

"""While the EAP server
   SHOULD require peer authentication, this is not mandatory, since
   there are circumstances in which peer authentication will not be
   needed (e.g., emergency services, as described in [UNAUTH]), or where
   the peer will authenticate via some other means."""

I think OpenWireless is a perfect example of the latter, where "peer
authentication will not be needed", and is completely within the standard
and not a hack. Of course, what you or I or anyone else thinks or wants on
their own AP on their own network is irrelevant; hostapd has already
decided for you, and you cannot overrule them. You can change your beacon
settings for crazy timing, and God knows what else, but you CANNOT change
what RFC 5216 explicitly says you can. This is such a large oversight, and
like I said, I was and still am amazed. (Does "there are circumstances"
mean something else?? Is OpenWireless *not* such a circumstance?? I feel
like I'm going crazy being 1 of 2 people in the entire world who think so.
Someone please tell me I'm not crazy! Someone agree with me! This is my
MAIN point!)

> solutions in parallel without spending so much energy knocking down
> other people's ideas, more progress will be made. That's not to say

These are old ideas, and knocking them down is as easy as knocking WEP
down. They are suboptimal, and people should be made aware of the HUGE
weaknesses, in this case the weakness is primarily that VPN is a
client-server solution, and asking all clients and all servers to
implement it will end up in the same situation we are in now. The weakness
really isn't a protocol one, but one of application. The proof is in the
pudding: because VPN as a solution to wifi has already been recommended a
long time ago, and no one uses it a decade later because it is impractical
and hack-ish.

My university used a twist on this idea, the idea of VPN over unsecured
wifi, a long time ago now, back in the 00s. It was used by I think *many*,
if not most, universities. Both no on uses it anymore, really. Why?
Because its a hack. And like all hacks, everyone is going to implement
their hack in a different fashion than everyone else. My university used a
different VPN solution than anyone else, based on Cisco I think. Some will
choose OpenVPN, other will choose some other protocol that has some cool
technical edge. But they *will* still be stuck choosing among solutions
that all share a common trait: they are hacks. And then it gets to the
point where there will be another OpenWireless.org type project that will
use a slightly different recommended solution than OpenVPN, maybe like
this CJDNS cryptographicall generated address (CGA) solution, or a RFC
5216 EAP-TLS solution which is still not available. And it will be BSD and
Linux and OpenOffice all over again.

And then I will be sad. :(

But, really, the solution I put forth was not possible when the OpenVPN
solution was all the rage: Jouni Malinen and his awesome hostapd. I say we
run with it. I say we take Jouni's awesomeness and change the world, one
AP sans OpenVPN server/client(s) at a time.

And also somehwat of a sidenote is CJDNS. I may be a little harsh here,
but briefly reading the protocol description, something seems amiss about
its usage of CGA and unique local addresses (ULA.) cjdelisle says:

"""... cjdns addresses are the first 16 bytes of the SHA-512 of the
SHA-512 of the public key. All addresses must begin with the byte 0xFC
..."

LOL, encryption keys are not random when they are constrained like that.
That's cryptography 101. If a random number happens to be all zeros, don't
friggin matter, random means anything can happen. Otherwise its not
random, or even pseudorandom. Why didn't he just stick with RFC 3972 CGA?
Anyone familiar enough with CJDNS and CGA and ULA and BATMAN enough to
comment?

> there isn't room for criticism, but I think it's more productive in the
> form of detailed feedback once projects are under way.

Don't get me wrong: OpenVPN can work. But for my mother? No, for my
mother, or quite frankly, anyone I know really, OpenVPN is not a viable
solution. It would be easier to setup a custom AAA server for EAP-TLS
where "peer authentication will not be needed" to quote the RFC one more
time.

VPN over wifi is an old solution. It was abandoned in practice for a
reason. I reject that these reasons should be themselves rejected, because
doing so is "more productive" or to wait to reject previously
rejected-in-practice solutions "in the form of detailed feedback". It has
been a known solution for a long time, and all this will do is perpetuate
what has been on Gentoo forums and wiki Internet-wide for the better part
of a decade. OpenWireless.org should provide more than a Gentoo Wiki howto
from the 00s, it should provide at least alternative theoretical solutions
to work towards.

That would be a shame if it just accepts this VPN solution, or some other
hack, and neglects this possibility for something real and lasting, so I
am doing my best to try and convince you to seriously think about these
alternatives, not to discount them as "negative" or "fatalistic" or
"[un]productive", but to take them as an argument from a human who has
emotions. I read RFCs, and there are ALOT of really cool ideas that
deserve a look. I think RFC 5216 EAP-TLs is one of them, and it deserves a
working implementation, especially being for the most part already
implemented in OpenWRT trunk.

>
> Regarding the legal situation, yes, there are lots of laws. In addition
> to there being no printed code, I've read that it is doubtful that the
> code is even internally consistent (!). But I don't see how that general

Oh man don't get me started!

> point is all that salient to the particular issue of open wireless. I
> think much more important is the fact that the legal situation is
> developing around open wireless right now and could evolve in a number
> of directions. This makes the movement all the more important, since we
> want to establish strong legal precedents that protect people running
> open networks. Sure, not everyone will want to do it right now, and many
> will never do it regardless of the technological and legal landscapes.
> But some people are doing so, and more will as the tech gets better. The
> answer isn't just to declare it to be too risky, but to maximally
> support the pioneers who are keeping APs open, so that we don't fall
> into a world of inefficient, costly, closed wireless.

Yes, my main point was to focus less on that angle of attack and more of
the technical angle.

The law makes for horrible debates that can go nowhere. Well, not that
they go nowhere, but its just that the entire conversation will be full of
misunderstandings as everyone learns the actual law for the first time. No
one knows the law. I have been reading it and writing (major) Wikipedia
law articles for the better part of a decade, and I have no clue. The
other Wikipedia editors have no clue either, and this is about law from
centuries ago. And that discussion has to be repeated across every
jursidiction! In addition, people are afraid to really talk legal issues
for fear of being accused of "practicing law" or tort liability.

Add to that the fact that the law itself is pretty ambiguous, case law or
not, and all your really doing is hypotheticals that won't mean jack when
your sitting inside a prison cell awaiting trial. Really, it all comes
down to putting forth a well reasoned argument. I say leave that
discussion for the EFF big whigs. I have read their briefs, they know
their shit. We could spend the next 20 years discussion these things and
will come to a conclusion that took them 5 minutes. The EFF big whigs,
however, usually cannot talk about RFCs and the Linux kernel like we can.
;)

I'm just saying, that discussion will get very theoretical very fast and
quickly loose touch with reality, unlike discussions on RFCs and the
history of computing.

If you want to open a discussion about it, you can count me IN though! I
am just in the beginnings of California common law, but me thinks it will
largely revolve around the sizable amount of federal law with things like
the FCC and the Federal Register. Most have been mentioned I think, like
status as a network carrier like Tor's argument, data retention laws, etc.
I really think EFF has done an excellent job keeping up the fight. As for
countries like Germany... Well, I am very biased on the subject, as I
actually feel Germany has an extremely fucked judicial system. (Ask me
why!) The few German laws I have tracked down for Wikipedia articles was a
horrible experience, but I think I know more than most about German law
now. Have you ever read a German court case opinion? From German state,
where most important legal precedents come from? I haven't, and I have
been trying for years.

German law is basically pretty explicit like Anglo-American law, and
unlike French law, but they don't have case law like we do explaining how
its applied in practice. They have equivilents to California's Reporter of
Decisions in private practice, but they sell the information for even more
boat loads of money than the US federal courts do with PACER or California
with CCMS, and the number of German court decisions, from what I have been
told, match the number of American court decisions which is to say alot.
But no one has access to them, nor does the fact that a court decision
that says whatever actually mean very much, because you need a string of
such decisions to form what they call jurisprudence constante, and even
then they can still come to a special and contrary opinion just for you.
That's the essence of jurisprudence constante, aka no common law, aka
"civil law". (But hey, civil law still beats decisons of Parlement or
German military occupation orders any day, so they learn to live with what
they can get.)

I admire continental Europe in many legal areas, but "transparency" is NOT
one of them.

>
> On 01/02/2013 05:16 PM, californiajack at tormail.org wrote:
>> That is exactly the problem with adoption of OpenWireless:
>>
>> 1. technical
>> 2. legal
>>
>> Which is to say:
>>
>> 1. no encryption: fear of non-IPsec/non-TLS information leakage
>> 2. no accountability: fear of being accused of child pr0n
>>
>> Which is to say:
>>
>> 1. technically-proficient (smart) people won't use it
>> 2. non-proficient (stupid) people won't use it
>>
>> Which is to say OpenWireless is doomed to failure.
>>
>> The solution to OpenWireless is IEEE 802.11, NOT IPsec. We need an EAP
>> method for OpenWireless. You people are looking for an easy solution.
>> You
>> are looking for a solution that can be provided with current software:
>>
>> This ignorance will make this project fail.
>>
>> (Not to say you are ignorant--I am speaking to the list here, and
>> everyone
>> in general.) IPsec tunneling (the VPN "solution" I always hear about) is
>> a
>> hack. It has always been a hack. It was a fairly good hack, but a hack
>> nontheless. It adds confidentiality to a single hop in the connection to
>> the Internet. It requires a server-client infrastructure, which is to
>> say
>> someone has to setup a VPN/IPsec tunnel server somewhere, at which all
>> data is decrypted and exposed. You can't, for the most part, run an
>> OpenVPN on the AP; the VPN concatenator must be another server. People
>> are
>> not going to setup an OpenVPN server. People are not going to trust you
>> to
>> run a VPN server, giving you sole control and visibility of their data.
>> Given that each client would have to implement this NON-STANDARD hack,
>> well, like I said, no one in their right mind will or should do that.
>> That's right: I RECOMMEND NO ONE USE THE VPN OF AN UNTRUSTED 3RD PARTY.
>> I
>> don't recommend my grandma setup her own OpenVPN server.
>>
>> There is only one solution, the solution which everyone's cognitive
>> dissonance would rather ignore: fix the IEEE 802.11 setup! RSN (Robust
>> Security Network i.e. IEEE 802.11i) is the equivilent of OpenVPN on
>> every
>> wireless client, and RSN is already supported by all current OS.
>>
>> Unfortunately, as I have said earlier, quotes from people like security
>> expert Bruce Schneier are somewhere between laughable and scary. While I
>> am guessing he uses IPsec (VPN) on top of his IEEE 802.11 and below his
>> TCP and HTTP, I am actually a little offended he just plain bitched out
>> and chose someone else's hack than fix the problem.. It is just so sad
>> to
>> see WPA and RSN thought of as equivilent; you can have RSN without any
>> shared secrets or PKI. (At least theoretically.) I know *why* Bruce
>> Schneier bitched out, and it isn't because Bruce Schneier is a bitch.
>> Bruce Schneier bitched out because "apt-get install openvpn" was MUCH
>> easier than "git clone git://w1.fi/srv/git/hostap.git; git clone
>> git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git;
>> vi;". If Schneier won't, and you won't, and I can't do what is needed (I
>> am still reading hostapd code; the EAP-UNAUTH-TLS commits were
>> eye-openning, but..) then:
>>
>> This project, OpenWireless, and the ideals behind it, will fail.
>>
>> Sad, but true. Our collective cognitive dissonance in this matter is
>> going
>> to cause problems. You will continue to pull your hair out, saying to
>> yourself "my setup works fine, why won't people adopt it?" because the
>> truth, that your setup isn't fine--its a hack--will just plain prevent
>> OpenWireless from going anywhere. The 1st step is admitting there's a
>> problem. Everyone knows, deep down, OpenVPN is a hack. Tunneling IPsec
>> is
>> great, but the Internet can't be built on IPsec tunnels. It has to be
>> made
>> with RSN, IPsec ESP, and TLS. In fact, VPN isn't even used anymore at my
>> university, which is to say it is dead. Because if my University stopped
>> using it, that shit must be fucked. (My university is fairly technically
>> inept, historically.)
>>
>> My university uses (gasp!) IEEE 802.11i RSN. No VPN. Take the protocols
>> that are used for my university's wifi, which are standard in Windows
>> Vista, and take out client authentication, and there's your
>> OpenWireless.
>> BAM! Litterally, the only thing wrong with their wifi is the client
>> authentication; because we want wireless to be open. The solution is not
>> to disable RSN and pretty much use 1990s wifi tech then hack hack hack
>> with OpenVPN on top.
>>
>> The solution is not more protocols, its less. Like I said before, if
>> BTNS
>> WG wouldn't have bitched out then disbanded, we might have gotten
>> EAP-BTNS, but EAP-TLS with a non-retarded TLS implementation would do
>> nicely, too. ("I tried to connect to [Gmail,eBay, etc.], but its kept
>> asking for a "x.509 client certificate"--I didn't know what that was, so
>> I
>> didn't connect to [Gmail,eBay, etc.] securely. I followed Bruce
>> Schneier's
>> advise and just disbaled authentication and disabled encryption.") This
>> is
>> not simple. BUT! But it is the correct solution, and it is logistically
>> possible because wifi clients wont have to install IEEE 802.11i RSN.
>>
>> And that's just 1. That's why smart people won't use OpenWireless. For
>> the
>> other reason, reason 2, is more complex.
>>
>> You have a Bible in your house? Have you ever seen one? OK, do you have
>> the Penal Code in your house? Have you EVER seen it in person? Don't
>> fucking lie--you have never seen the law in person. California does not
>> actually print the Penal Code, so I KNOW you don't have one. When you
>> get
>> over any confusion in that sentence, and gradually pass into outrage
>> (that
>> the government doesn't actually even print the fucking law--only 3rd
>> parties do, and they sell it at exorbitant prices.) If you wanted a
>> printed copy of the law (state law is what really matters, not federal
>> law, because the FBI does not have HUNDREDS OF THOUSANDS of police
>> officers like California does), not only would you have to be rich, but
>> you would have to have a VERY large bookshelf. Notice how California put
>> California law online? Yeah, they were fucking sued before they put the
>> law online. The government, the legislature actually, had to be sued to
>> put the law online. And California is far more open when it comes to law
>> than say countries like the UK, where distributing the law is actually
>> illegal (the law of the UK is copyright property of the Queen, and
>> distributing copyright without her permission is illegal--pretty much
>> the
>> opposite of the US, where its all public domain) And the UK is FAR more
>> open than its European counterparts, or any other non-European country.
>> (At least they have their law online--if only to be so massive an
>> unorganized to be useless. Dammit UK! France and California codified
>> their
>> laws in the 1800s!)
>>
>> So the solution to people's fear about police kidnapp--er, arrest, is an
>> even bigger problem. Fix the technical solution first, and leave the
>> problem of not being able to read the 200,000 sections of law in
>> California (about 150,000 in the USC and 50,000 in California Codes),
>> plus
>> county codes and municipal codes (which are by default misdameanor
>> crimes
>> in California--I don't know how many, but in Los Angeles County for
>> example possession of a shortwave radio in your car is a crime--although
>> very few people know this--LA County has 10,000,000 people BTW, and no
>> one
>> knows who runs the Government of Los Angeles County), another
>> 20,000-50,000 regulations in the Code of Federal Regulations (CFR) and
>> California Code of Regulations (CCR), federal Supreme Court decisions,
>> federal appeals court decisions, California Supreme Court decisions,
>> California appeals court decisions, and probably more levels of
>> government, and figuring out what the law is to some later date. Yes,
>> that
>> problem is pretty big. Really: fix EAP first. Law is the never-never
>> land
>> of logic, and there are no such things as happy thoughts.
>>
>> --
>> californiajack
>>
>>> This link caught my eye
>>>
>>> http://www.huffingtonpost.com/2011/04/24/unsecured-wifi-child-pornography-innocent_n_852996.html
>>>
>>> My sense is that the push-back against fear of sharing wifi is both
>>> technical eg VPN/VLAN and evidential, by which I mean if we can get to
>>> a
>>> state whereby IP address is considered as an indicator of further
>>> interest
>>> and not automatically proof of guilt then that offers an altogether
>>> more
>>> easy/effective/comfortable proposition for mass adoption and
>>> availability
>>> of openwireless.
>>>
>>> Guy
>>>
>>> On Tue, Nov 27, 2012 at 10:17 AM, Natanael <natanael.l at gmail.com>
>>> wrote:
>>>
>>>> CJDNS is not designed for these purposes. It is not like I2P or Tor,
>>>> only
>>>> routing is "dynamic". You'd need a VPN in place already or some kind
>>>> of
>>>> Dynamic DNS to create a link between the laptop/phone node and the
>>>> home
>>>> router node. It also don't provide internet access sharing on it's
>>>> own,
>>>> in
>>>> this way ut resemble I2P.
>>>> Den 27 nov 2012 11:09 skrev "Christian Huldt" <christian at solvare.se>:
>>>>
>>>> Maybe we should take a look at cjdns?
>>>>> Someone here knows something about it?
>>>>> I'm not that well-informed, but it seems it should be able to deal
>>>>> with
>>>>> a
>>>>> few of those issues...
>>>>>
>>>>> And I quite recently stumbled upon the term "WPA guest access", I
>>>>> think
>>>>> in was in relation to coovaChilli...
>>>>>
>>>>>
>>>>> http://cjdns.info/
>>>>> http://en.wikipedia.org/wiki/**Cjdns
>>>>> <http://en.wikipedia.org/wiki/Cjdns>
>>>>> http://www.reddit.com/r/**darknetplan/<http://www.reddit.com/r/darknetplan/>
>>>>>
>>>>> Andy Green skrev 2012-11-27 08:24:
>>>>>
>>>>>> Hi -
>>>>>>
>>>>>> Sure, if you're able to flat out run open APs more power to your
>>>>>> elbow.
>>>>>>
>>>>>> Most people sitting on a personal internet connection aren't in that
>>>>>> situation and need something else to happen if they will
>>>>>> participate.
>>>>>> In
>>>>>> terms of reach, it's those guys that are all around us and could
>>>>>> make
>>>>>> a
>>>>>> huge difference.
>>>>>>
>>>>>> Calling normal people making rational decisions faced with legal
>>>>>> facts
>>>>>> in their locality 'cowards' as some are doing is not the right
>>>>>> 'something else' to unstick them. If people have a more convincing
>>>>>> idea
>>>>>> for those people than what's being discussed about vpn, I'm
>>>>>> certainly
>>>>>> interested to hear it.
>>>>>>
>>>>>> -Andy
>>>>>>
>>>>>> Brad Knowles <brad at shub-internet.org> wrote:
>>>>>>
>>>>>>     On Nov 26, 2012, at 8:22 PM, Andy Green (林安廸)
>>>>>> <andy at warmcat.com>
>>>>>> wrote:
>>>>>>
>>>>>>         But you're right, it adds a hurdle compared to just sitting
>>>>>>         there with an unencrypted AP. But for consumers, the truly
>>>>>> open
>>>>>>         AP ship has sailed a while ago, they will no longer do it.
>>>>>>
>>>>>>
>>>>>>     I think that there may be some places left in this world where
>>>>>> we
>>>>>> could have truly open APs, but they are certainly few and far
>>>>>> between.
>>>>>>  Nevertheless, I'm not willing to give up on that possibility.
>>>>>>
>>>>>>     OTOH, I do think that the majority of people will either refuse
>>>>>> to
>>>>>> run an OpenWireless site at all, or they will insist that it allow
>>>>>> only
>>>>>> VPN-secured connections.  These people might be in countries like
>>>>>> Germany
>>>>>> where there is clearly a very real legal threat, or
>>>>>>       in
>>>>>>     places where the threat is less well-defined.  But the fear of
>>>>>> what
>>>>>> might happen would still keep the bulk of the potential participants
>>>>>> away.
>>>>>>
>>>>>>     I see no reason why we should treat these two solutions as
>>>>>> mutually
>>>>>> exclusive.
>>>>>>
>>>>>>
>>>>>>     HTTP is not XOR with HTTPS.  Some sites will support one or the
>>>>>> other but not both, but most sites either allow both or already use
>>>>>> some
>>>>>> mixture of both.
>>>>>>
>>>>>>     Yes, this can complicate things in the context of serving web
>>>>>> sites,
>>>>>> but I don't think that necessarily has to be a problem for us.
>>>>>> There
>>>>>> are
>>>>>> additional design considerations that need to be taken into account,
>>>>>> but I
>>>>>> think we can handle that.
>>>>>>
>>>>>>
>>>>>>     I should be able to provide a free entry point
>>>>>> forvpn-required.openwireless.**org<http://forvpn-required.openwireless.org>
>>>>>> <
>>>>>> http://vpn-required.**openwireless.org<http://vpn-required.openwireless.org>>
>>>>>>  and anyone who wants to connect to that network using a VPN-enabled
>>>>>> client
>>>>>> should be able to do so.  But if you don't have a VPN-enabled
>>>>>> client,
>>>>>> you
>>>>>> would not be able to use my netwo
>>>>>>       rk
>>>>>>     connection.
>>>>>>
>>>>>>     If my neighbor wants to provide a free entry point
>>>>>> forunencrypted.openwireless.**org<http://forunencrypted.openwireless.org>
>>>>>> <
>>>>>> http://unencrypted.**openwireless.org<http://unencrypted.openwireless.org>>
>>>>>>  and take some extra risk (perhaps minimal, or maybe real), then
>>>>>> they
>>>>>> should be able to do that, too.
>>>>>>
>>>>>>     --
>>>>>>     Brad Knowles <brad at shub-internet.org>
>>>>>>     LinkedIn Profile: <http://tinyurl.com/y8kpxu>;
>>>>>>
>>>>>>
>>>>>>
>>>>>> ______________________________**_________________
>>>>>> Tech mailing list
>>>>>> Tech at srv1.openwireless.org
>>>>>> https://srv1.openwireless.org/**mailman/listinfo/tech<https://srv1.openwireless.org/mailman/listinfo/tech>
>>>>>>
>>>>>>
>>>>> ______________________________**_________________
>>>>> Tech mailing list
>>>>> Tech at srv1.openwireless.org
>>>>> https://srv1.openwireless.org/**mailman/listinfo/tech<https://srv1.openwireless.org/mailman/listinfo/tech>
>>>>>
>>>> _______________________________________________
>>>> Tech mailing list
>>>> Tech at srv1.openwireless.org
>>>> https://srv1.openwireless.org/mailman/listinfo/tech
>>>>
>>>>
>>> _______________________________________________
>>> Tech mailing list
>>> Tech at srv1.openwireless.org
>>> https://srv1.openwireless.org/mailman/listinfo/tech
>>>
>>
>> _______________________________________________
>> Tech mailing list
>> Tech at srv1.openwireless.org
>> https://srv1.openwireless.org/mailman/listinfo/tech
>
>
> --
> Dan Auerbach
> Staff Technologist
> Electronic Frontier Foundation
> dan at eff.org
> 415 436 9333 x134
>
> _______________________________________________
> Tech mailing list
> Tech at srv1.openwireless.org
> https://srv1.openwireless.org/mailman/listinfo/tech
>

More information about the Tech mailing list